Bug ID 1602641

Bug Tracker
ID 1602641

Bug ID 1602641: Configuring verified-accept and SSL mirroring on the same virtual results in stalled connections.

Last Modified: Sep 27, 2024

Affected Product(s):
BIG-IP LTM, TMOS(all modules)

Known Affected Versions:
15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 17.1.1.3, 17.1.1.4

Opened: Jun 28, 2024

Severity: 3-Major

Symptoms

If a virtual server has SSL mirroring and with verified-accept enabled, the set handshake timeout value will be delayed during the SSL handshake client connections. The standby unit will not copy the connection to the virtual server.

Impact

- SSL connections delayed inside the SSL handshake - SSL connections are not mirrored to the peer unit.

Conditions

- Verified accept enabled - SSL mirroring enables - An HA pair

Workaround

Disable mirroring or disable verified-accept.

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips